Filter
Top Products
Redirection Policies and User Role
The following sections describe how to configure the redirection policies and user role using the WebUI and CLI.
In the WebUI
To configure user roles to redirect the required traffic to the server(s), navigate to the Configuration > Access
Control > User Roles view (see 1).
1. To add a new role, click Add.The WebUI displays the Add Role view.
Role Name. Enter “guest” as the name for the role.
2. To add a policy for the new role, click Add in the Firewall Policies section. The WebUI expands the Firewall
Policies section.
Choose from existing configured policies, create a new policy based on existing policies, or create a new policy.
a. If you elect to create a new policy, click on the radio button for Create New Policy and then click Create.
The WebUI displays the Policies tab.
b. In the Policies tab:
Policy Name. Enter the policy name fortinet and the IPv4 Session policy type.) Click Add to proceed. The
WebUI expands the Policies tab.
In the drop-down lists, choose parameters such as source, destination, service in the same way as other firewall
policy rules. This example uses any source, any destination, service type svc-http (tcp 80). For certain choices,
the WebUI expands and adds drop-down lists.
c. In the Action drop-down menu, select the redirect to ESI group option.
Select fortinet as the appropriate ESI group.
The three steps above translate to “for any incoming HTTP traffic, going to any destination, redirect the
traffic to servers in the ESI group named fortinet.”)
Select both as the traffic direction. Forward refers to the direction of traffic from the untrusted client or user
to the trusted server, such as the HTTP server or email server.
To add this rule to the policy, click Add.
d. Repeat the steps to configure additional rules. This example adds a rule that specifies any,any,any,permit.
e. Click Done to return to the User Roles tab.
3. Click Apply to apply the configuration changes.
4. Refer to Roles and Policies on page 296, for directions on how to apply a policy to a user role.
In the CLI
Use these commands to define the redirection filter for sending traffic to the ESI server and apply the firewall policy
to a user role in the route-mode ESI topology example.
ip access-listsessionpolicy
anyanyanyredirectesi-groupgroupdirectionbothblacklist
//For any incoming traffic, going to any destination,
//redirect the traffic to servers in the specified ESI group.
anyanyanypermit
//For everything else, allow the traffic to flow normally.
user-rolerole
access-list{eth|mac|session}
bandwidth-contractname
captive-portalname
dialername
pool {l2tp|pptp}
reauthentication-intervalminutes
DellPowerConnectW-SeriesArubaOS6.2 | User Guide ExternalServicesInterface | 764